Open for Voting

Update certificates to 2048 from 1024.

I am getting this finding by my security team in regards to communication between pollers and agent monitored systems

"Plugin Output:
The following certificates were part of the certificate chain
sent by the remote host, but contain RSA keys that are considered
to be weak :
|-Subject        : CN=SolarWinds-Orion
|-RSA Key Length : 1024 bits"

Solution they request
Replace the certificate in the chain with the RSA key less than 2048 bits in length with a longer key, and reissue any certificates signed by the old certificate.

  • You may be using an older version of Orion that is still using 1024 bits. We have 1024 bits but that is used by WPM. I am hoping this will be resolved soon.

    |-Subject : CN=SolarWinds-SEUM_PlaybackAgent
    |-Signature Algorithm : SHA-1 With RSA Encryption


  • Is this for the SolarWinds Orion polling engine?  My key is showing 2048 bits.

    This is for Orion Platform 2020.2.6 HF1.  If you want to regenerate with a 2048 RSA key, it looks like you can just export the certificate, delete it from the store and re-run the configuration wizard. (For confirmation, contact support before you try this because the article appears to read one of two ways).

    References:

    This second link seems to indicate that the larger certificate was enabled in Orion Platform 2017.1.

    FYI: My above certificate was generated on 2021-03-04 19:19:42.660 for Orion Platform 2020.2.